{"id":"https://openalex.org/W4417132535","doi":"https://doi.org/10.1109/saner-c66551.2025.00018","title":"Usability of Static Application Security Testing Workflows","display_name":"Usability of Static Application Security Testing Workflows","publication_year":2025,"publication_date":"2025-03-04","ids":{"openalex":"https://openalex.org/W4417132535","doi":"https://doi.org/10.1109/saner-c66551.2025.00018"},"language":null,"primary_location":{"id":"doi:10.1109/saner-c66551.2025.00018","is_oa":false,"landing_page_url":"https://doi.org/10.1109/saner-c66551.2025.00018","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Software Analysis, Evolution and Reengineering - Companion (SANER-C)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5004821900","display_name":"Bhagya Chembakottu","orcid":"https://orcid.org/0000-0001-8394-1954"},"institutions":[{"id":"https://openalex.org/I5023651","display_name":"McGill University","ror":"https://ror.org/01pxwe438","country_code":"CA","type":"education","lineage":["https://openalex.org/I5023651"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Bhagya Chembakottu","raw_affiliation_strings":["McGill University,School of Computer Science,Montreal,Canada"],"affiliations":[{"raw_affiliation_string":"McGill University,School of Computer Science,Montreal,Canada","institution_ids":["https://openalex.org/I5023651"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059244952","display_name":"Martin P. Robillard","orcid":"https://orcid.org/0000-0002-0248-1384"},"institutions":[{"id":"https://openalex.org/I5023651","display_name":"McGill University","ror":"https://ror.org/01pxwe438","country_code":"CA","type":"education","lineage":["https://openalex.org/I5023651"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Martin P. Robillard","raw_affiliation_strings":["McGill University,School of Computer Science,Montreal,Canada"],"affiliations":[{"raw_affiliation_string":"McGill University,School of Computer Science,Montreal,Canada","institution_ids":["https://openalex.org/I5023651"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5004821900"],"corresponding_institution_ids":["https://openalex.org/I5023651"],"apc_list":null,"apc_paid":null,"fwci":3.6264,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.95104292,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"77","last_page":"80"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.4465999901294708,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.4465999901294708,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.13179999589920044,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.06800000369548798,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.8870999813079834},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.6614999771118164},{"id":"https://openalex.org/keywords/usability-inspection","display_name":"Usability inspection","score":0.5515000224113464},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5393999814987183},{"id":"https://openalex.org/keywords/cognitive-walkthrough","display_name":"Cognitive walkthrough","score":0.48260000348091125},{"id":"https://openalex.org/keywords/web-usability","display_name":"Web usability","score":0.41679999232292175},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.36579999327659607},{"id":"https://openalex.org/keywords/pluralistic-walkthrough","display_name":"Pluralistic walkthrough","score":0.36039999127388}],"concepts":[{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.8870999813079834},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.715499997138977},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.6614999771118164},{"id":"https://openalex.org/C23456302","wikidata":"https://www.wikidata.org/wiki/Q7901668","display_name":"Usability inspection","level":4,"score":0.5515000224113464},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5393999814987183},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.5163999795913696},{"id":"https://openalex.org/C87105883","wikidata":"https://www.wikidata.org/wiki/Q1107002","display_name":"Cognitive walkthrough","level":4,"score":0.48260000348091125},{"id":"https://openalex.org/C4237393","wikidata":"https://www.wikidata.org/wiki/Q1636686","display_name":"Web usability","level":3,"score":0.41679999232292175},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.36579999327659607},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3625999987125397},{"id":"https://openalex.org/C188688815","wikidata":"https://www.wikidata.org/wiki/Q7205541","display_name":"Pluralistic walkthrough","level":3,"score":0.36039999127388},{"id":"https://openalex.org/C100302975","wikidata":"https://www.wikidata.org/wiki/Q1642623","display_name":"Usability engineering","level":3,"score":0.35359999537467957},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.35280001163482666},{"id":"https://openalex.org/C62993174","wikidata":"https://www.wikidata.org/wiki/Q2928808","display_name":"Usability goals","level":4,"score":0.3447999954223633},{"id":"https://openalex.org/C11324603","wikidata":"https://www.wikidata.org/wiki/Q2502322","display_name":"Usability lab","level":4,"score":0.33649998903274536},{"id":"https://openalex.org/C3255780","wikidata":"https://www.wikidata.org/wiki/Q1616517","display_name":"Heuristic evaluation","level":3,"score":0.33629998564720154},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.3327000141143799},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.30090001225471497},{"id":"https://openalex.org/C71151206","wikidata":"https://www.wikidata.org/wiki/Q5156686","display_name":"Component-based usability testing","level":5,"score":0.2985000014305115},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.29010000824928284},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.28929999470710754},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.28439998626708984},{"id":"https://openalex.org/C6353995","wikidata":"https://www.wikidata.org/wiki/Q17027910","display_name":"Human-computer interaction in information security","level":5,"score":0.26010000705718994},{"id":"https://openalex.org/C89505385","wikidata":"https://www.wikidata.org/wiki/Q47146","display_name":"User interface","level":2,"score":0.25540000200271606},{"id":"https://openalex.org/C139225968","wikidata":"https://www.wikidata.org/wiki/Q17146354","display_name":"System usability scale","level":4,"score":0.25209999084472656}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/saner-c66551.2025.00018","is_oa":false,"landing_page_url":"https://doi.org/10.1109/saner-c66551.2025.00018","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Software Analysis, Evolution and Reengineering - Companion (SANER-C)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":8,"referenced_works":["https://openalex.org/W2067462093","https://openalex.org/W3160144036","https://openalex.org/W4210690107","https://openalex.org/W4285490437","https://openalex.org/W4362554685","https://openalex.org/W4386688462","https://openalex.org/W4389159189","https://openalex.org/W4399667981"],"related_works":[],"abstract_inverted_index":{"The":[0],"usability":[1,80,103],"of":[2,13,45],"static":[3],"application":[4],"security":[5],"testing":[6],"tools":[7,26],"(SASTs)":[8],"can":[9],"facilitate":[10],"the":[11,43,46],"development":[12,32],"secure":[14],"code":[15],"within":[16],"GitHub":[17],"workflows.":[18],"We":[19],"report":[20],"on":[21],"our":[22],"experience":[23],"applying":[24],"these":[25],"with":[27,70],"Spring":[28,63],"and":[29,42,87,94,104,109],"Django":[30,55],"web":[31],"frameworks,":[33],"analyzing":[34],"aspects":[35],"such":[36,82],"as":[37,83],"setup":[38,67,92],"complexity,":[39],"build":[40,74],"integration,":[41],"utility":[44],"generated":[47],"vulnerability":[48],"reports.":[49],"A":[50],"key":[51],"observation":[52],"is":[53],"that":[54],"projects":[56,64],"require":[57],"less":[58],"effort":[59],"to":[60,73],"integrate,":[61],"whereas":[62],"involve":[65],"significant":[66],"challenges,":[68],"particularly":[69],"SonarCloud,":[71],"due":[72],"environment":[75],"dependencies.":[76],"Furthermore,":[77],"we":[78,97],"observed":[79],"issues":[81],"ambiguous":[84],"error":[85,95],"messages":[86],"inconsistent":[88],"warnings.":[89],"By":[90],"examining":[91],"time":[93],"incidence,":[96],"provide":[98],"insights":[99],"for":[100,106],"improving":[101],"SAST":[102],"recommendations":[105],"easier":[107],"installation":[108],"clearer":[110],"notifications.":[111]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-12-08T00:00:00"}